b"                                                             UNITED STATES DEPARTMENT OF COMMERCE\n                                                             Office of Inspector General\n                                                             Washington, O.C. 202 30\n\n\n\n\nMarch 24, 2014\n\nMEMORANDUM FOR:               Eric L. Hirschhorn\n                              Under Secretary for Industry and Security\n\n\n\nFROM:                        Allen Crawley    ~~\n                             Assistant Inspector General for Systems Acqu(S.iti\n                              and IT Security\n\nSUBJECT:                      Audit of Bureau of Industry and Security's Continuous Monitoring\n                               Strategy and Practices\n\nAs part of our fiscal year (FY) 2014 Federal Information Security Management Act of 2002\n(FISMA) review, OIG is initiating an audit of the Bureau of Industry and Security's continuous\nmonitoring strategy and practices. The audit objective is to determine whether BIS' continuous\nmonitoring strategy and practices, including ongoing security control assessments of its critical\ninformation systems, provide adequate information for authorizing officials to make proper risk-\nbased decisions.\n\nWe plan to begin this work immediately. We will contact your audit liaison to establish an\nentrance conference to discuss this audit. We will conduct our fieldwork at selected BIS and\ncontractor sites. If you have any questions, please call me at (202) 482-1855 or Dr. Ping Sun at\n(202) 482-6121.\n\ncc:    Simon Szykman, Chief Information Officer\n       Rod Turk, Director, Office of Cyber Security, and Chief Information Security Officer\n       Eddie Donnell, Acting Chief Information Officer, BIS\n       Ida Mix, Acting Director of Budget, Planning, Assurance and Security, BIS\n       Susan Schultz Searcy, Audit Liaison, Office of the Chief Information Officer\n       Mark Crace, Audit Liaison, BIS\n\x0c"